Configuring SAML/Okta
This article helps you in understanding how to use SAML/Okta as part of your Shared Accounts Authentication method.
Overview
This integration will allow you to let learners login with the same credentials they use to access your systems. By providing learners with the course or group enrollment links, they will be granted access to the courses you’ve assigned. This option offers complete control of who has access to your school.
**SAML/Okta is not enabled by default. Please reach out to Support to have this feature enabled.**
Configuration in Northpass
- Select School Settings by hovering over your school logo in the top left-hand corner, followed by selecting Authentication.
- Click Edit in the upper right-hand corner.
- Select Shared Accounts from the dropdown. Now Select Okta. You'll now need to configure if you'd prefer Just SSO or SSO + Provisioning.
- Enter your identity provider single sign-on URL.
- Enter your identity provider issuer.
- Enter your X.509 certificate.
- Enter the URL you would like learners to be taken to after they sign out from Northpass.
If you had selected SSO + Provisioning (Okta only) in step 7, add your API key to take advantage of Provisioning (see Step 10)
Click Save.
(Optional)If you want, you can configure in Okta the option of sending groups to Northpass to which the user is added in your system.
Gainsight CE will do the following if group information is sent to us:
- If the group that is sent with the logging-in user does not exist in Northpass, this group will be created automatically and the user will be added to it.
- If the group that is sent with the logging-in user already exists in Northpass, the user will be automatically added to it and enrolled in all Courses and Learning Paths that belong to that group.
Get started sharing links to your school. Anyone with an account in your system will be able to authenticate upon visiting your school. Learners will only see the courses that they have been granted access to.
SAML-Based SSO for Admin Access
The SAML authentication feature allows CE admins to log into the Admin Panel using their existing SSO credentials, streamlining access and enhancing security.
Key Enhancements:
- Streamlined Access: Admins can authenticate using SSO solutions like Google Apps, Okta, and other SAML providers.
- Improved Security: Centralized authentication ensures a higher level of security and compliance.
- Operational Efficiency: Reduces the need for multiple passwords, saving time and reducing potential for errors.
How to Configure:
- Log in to your Gainsight Admin Panel to navigate to Settings.
- Go to the SAML Configuration section.
- Manage connections. You will see a list of available authentication mechanisms or manually add the details in the Authentication Mechanism dialog box.
- Toggle on the status to activate SAML connections such as GSuite or Okta.
Usage Scenario:
Imagine a scenario where your organization uses Okta for SSO. CE (fka Northpass) admins can seamlessly log into Gainsight using their Okta credentials, without needing a separate set of login details. This not only simplifies the user experience but also ensures consistent security policies across all platforms.